Network device configuration

ABSTRACT

A network device initially has no configuration data and is permitted only to query a known network address. From this address a server verifies the connection and authorises another server to download to the network device the necessary configuration to carry out its purpose. This configuration may not be amended and is not retained on power loss. Any updates are carried out by a complete reload of configuration data.

TECHNICAL FIELD

This invention relates to connecting to the internet via a data connection which connection is remotely configurable as to access permissions. The connection may be via a modem or via a direct network connection.

BACKGROUND ART

Connection of network devices to a network typically requires the attendance of a person on site to carry out the initial configuration of the device. For example, connection of a user's business to the internet for access by internal parties may be by ADSL (Asymmetric Digital Subscriber Line) or some other connection protocol. Such a connection is typically via an ADSL modem and may include a router to route incoming data packets and a firewall to stop attempts to intrude into the user's data. Typically the configuration of the router and firewall is done on site and will need to be changed on site to cater for variations over time in the user's business. This involves a smaller user in expense as it requires specialised IT personnel to come on site to carry out the configuration.

Connections for higher volume users also typically include routers and firewalls connected via a plurality of modems for internet access. Currently these are mainly configured on site by the user's skilled personnel. It is known, once the initial configuration is carried out, that the device may be remotely connected to via the network and final configuration carried out.

Typically such a network device will include an operating system of some sort which will be accessible by using an external name and password. Once the correct name and password are entered the remote user may modify the device settings, including settings for any router and firewall. This presents security problems, since it is possible for someone with knowledge of the name and password to alter the modem settings without authority.

It is therefore an object of the present invention to provide a network device which does not require any on site attendance for configuration of the network device but which is secure, or which will at least provide the public with a useful choice.

PRIOR ART

It is known to provide remotely configured routers to avoid attendance on site; for instance U.S. Pat. No. 6,012,088 shows one such router. However, such routers may present a security problem in that if access is gained to them from one of the networks the router configuration can be changed, and may be changed in such a manner as to compromise security.

It is therefore an object of the present invention to provide an internet connection which does not require on site attendance for configuration of router or firewall but which does provide complete security of the configuration, or which will at least provide the public with a useful choice.

DISCLOSURE OF INVENTION

Accordingly, the invention may broadly be said to consist in a network device having operating software but no configuration data allowing it to carry out its intended purpose, which network device is remotely programmable with configuration data as a whole but which network device or operating software has no facility to allow any incremental change of configuration data.

Preferably the device configuration data is held in random access memory (RAM) and is lost when no network device supply voltage is present.

Preferably the device software contains a routine which on initialisation attempts to contact a remote verification authority to authorise retrieval of configuration data from a configuration authority.

Preferably the device software contains only the routine for contacting the remote verification authority and receiving data from the remote configuration authority.

Preferably the contact with the remote verification authority is subject to encryption.

Preferably the device initially contains an input filter which will only receive configuration data from a specified remote configuration authority address.

Preferably the device is a router which is integral with a modem.

Preferably the modem is an asymmetric digital subscriber line (ADSL) modem.

Alternatively the invention may be said to lie in the method of configuring a network device which loses its configuration data on power loss, comprising providing a network device without user configuration data, providing within the network device a routine which securely contacts a remote verification authority, and downloading from a remote configuration authority authorised by the remote verification authority the entire configuration data.

Preferably the network device is a router.

Preferably the router is part of an ADSL modem.

Preferably the network device is capable of being configured only by remote download of the complete configuration data.

Preferably the network device routine which contacts the remote verification authority carries out any information transfer using secure encryption.

Preferably the secure encryption uses a public key encryption method.

Preferably the private key for the network device is provided by a device temporarily connected to the network device.

Preferably the temporarily connected device is a USB memory device.

Preferably the configuration data is also lost from the network device on any intrusion attempt.

Alternatively the invention may be said to consist in a method of providing communication between two network devices of unknown network address wherein each device is required to download its configuration parameters from a server at a known network address each time the device is initialised, the devices' allocated network addresses are stored at the server, the server may be queried for the allocated network addresses of the two network devices, and wherein communications can be initiated between the two network addresses from this data.

Preferably the two network devices are routers.

Preferably the routers form part of ADSL modems.

The invention may also broadly be said to consist in the parts, elements and features referred to or indicated in the specification of the application, individually or collectively, and any or all combinations of any two or more of the parts, elements or features, and where specific integers are mentioned herein which have known equivalents, such equivalents are incorporated herein as if they were individually set forth.

BRIEF DESCRIPTION OF DRAWINGS

One preferred form of the invention will now be described with reference to the accompanying drawings in which,

FIG. 1 shows a block diagram of one form of network device.

FIG. 2 shows a flow diagram of the initial mediation procedure which downloads to the network device.

DETAILED DESCRIPTION

With reference to FIG. 1, the diagram shows a network device consisting of an ADSL connection via a modem 101 to a firewall 102 and router 103 which distributes the data to devices such as PCs 104. The modem acts to convert packets from the firewall router into a form suitable for carrying information over the internet. The firewall 102 acts to restrict what information packets may be transferred into the user's system and the router 103 acts to distribute packets to an internal user in accordance with the packet address.

In practice the modem, firewall and router may be combined into a single item of equipment with the configuration data held in a common internal location.

According to the current invention the modem, or firewall or router, has configuration information which is internally held, but this information is not capable of being changed by any routine or subroutine held in the modem. The only way in which this information can be altered is to download an updated configuration from a remote authority. The only remote authorities which the modem recognises are ones which are hard coded into the internal software, and the only action the modem can take as regards configuration is to contact the remote authority in a secure manner. This action can occur either at power on or if an intrusion is detected, or it can be triggered by a specific remote query.

Thus the modem may have instructions in read only memory (ROM) which instruct it to call an address such as 203.17.209.32 upon initial power on, but to otherwise provide no routing of incoming or outgoing data packets. Once the designated address is called and a verification established for the network device from a verification service, a secure connection between the modem and the address is set up, preferably by the exchange of encrypted passwords through a secure sockets layer (SSL), and the modem's required configuration is downloaded from a configuration server. This provides the routing configuration required and leaves the modem in a secure state.

The configuration may include any connection data and passwords for connecting the modem to an internet service provider (ISP), and the modem may automatically carry out the connection once configured.

Where the connection between the modem and the server is such that it does not support full public key encryption the authentication for the modem may be provided by a removable key, for instance a USB key.

Should an attempt be made to configure or reconfigure the modem without using the correct encryption from the correct address the modem initialisation software is intended to be re-triggered, resulting in a complete download of the required configuration.

FIG. 2 shows how the equipment on powering on at 201 searches for an internet connection and, on detecting one, sends a particular data stream to the remote verification authority at 202, 203 which detects the identity of the calling equipment, and from this can look up the customer's identity, the equipment's current state, and its desired state as required by the customer. The remote authority then connects a configuration server and initiates the procedure to securely update the equipment at 204 with the desired configuration changes and with the software required to carry out the desired functions. The remote configuration authority can then continue to receive operation reports from the equipment at scheduled intervals.

In accordance with the present invention the modem, firewall and router are normally provided as a single equipment item which may also include a hub or switch. This item is installed on the user's premises, provided with a connection to the internet and powered up. On detecting the internet connection the equipment identifies itself to the remote verification authority, the only action it is capable of taking.

The remote authority will detect the identification of the calling equipment and validate this against a database of equipment whose setups are stored. If the equipment ID is found the remote authority may then, in secure mode, connect the calling equipment to a configuration service and download to the equipment such configuration details and software as will allow it to perform the desired router/firewall functions.

Preferably the equipment configuration template is held by the remote authority, who may either make changes in it or allow the user to make changes in it via secure internet access. Such changes may be downloaded to the equipment in the same manner as the initial configuration data, though in most instances the remote authority will send a code to the equipment which forces it to reload the configuration.

The firewall and router may maintain the normal statistics of packets passed, addresses sent to or received from, intrusion attempts etc. and may, either on prompting or on schedule, send these details to the configuration authority for storage and possible analysis.

The firewall or router may be set up to pass information through desired ports and may be set to configure these ports on call. Thus if a client requires a VPN connection between two locations which do not have a specific allocated IP address (as for instance a small office served by an ADSL without a fixed address) the client requests the VPN connection from the remote authority, which will have stored the network address of any modem of the inventive type. The remote authority then notifies the network devices of the required connection and the devices then create the VPN connection. Thus a VPN connection can be established between two modems which did not initially know each other's addresses.
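The mediation procedure of FIG. 2 (verify the equipment ID, download the whole configuration into RAM, reload on a download from the wrong address) and the stored-address lookup used for the VPN case above can be modelled in a few classes. This is an added illustration, not code from the patent; the class names, the sample equipment database and the device addresses are constructed here, and only the authority address is the one quoted in the description.

```python
AUTHORITY_ADDR = "203.17.209.32"   # hard-coded authority address from the description

# Constructed sample database: equipment id -> complete desired configuration
EQUIPMENT_DB = {
    "EQ-0001": {"routes": ["10.0.0.0/24"], "firewall": ["deny-inbound"], "isp": "dsl-a"},
    "EQ-0002": {"routes": ["10.0.1.0/24"], "firewall": ["deny-inbound"], "isp": "dsl-b"},
}

class ConfigurationAuthority:
    """Serves whole configurations and records each device's allocated address."""
    def __init__(self, db):
        self.db = db
        self.addresses = {}                      # equipment id -> network address
    def full_config(self, equipment_id, device_addr):
        self.addresses[equipment_id] = device_addr
        return dict(self.db[equipment_id])       # there is no partial-update call
    def peer_addresses(self, id_a, id_b):
        """Lookup used to set up a VPN between two devices of unknown address."""
        return self.addresses.get(id_a), self.addresses.get(id_b)

class VerificationAuthority:
    """Validates the calling equipment id, then authorises the config download."""
    def __init__(self, db, config_server):
        self.known, self.config_server = set(db), config_server
    def mediate(self, equipment_id, device_addr):
        if equipment_id not in self.known:
            return None                          # unknown equipment: nothing sent
        return AUTHORITY_ADDR, self.config_server.full_config(equipment_id, device_addr)

class NetworkDevice:
    """ROM holds only the id and authority address; configuration lives in RAM."""
    def __init__(self, equipment_id, addr, authority):
        self.equipment_id, self.addr, self.authority = equipment_id, addr, authority
        self.ram_config = None                   # no routing until a download lands
    def power_on(self):
        self.ram_config = None
        result = self.authority.mediate(self.equipment_id, self.addr)
        if result is not None:
            self.accept_download(*result)
        return self.ram_config is not None
    def accept_download(self, from_addr, config):
        # Input filter: a download from any other address counts as an intrusion
        # attempt and re-triggers initialisation, i.e. a complete reload.
        if from_addr != AUTHORITY_ADDR:
            return self.power_on()
        self.ram_config = dict(config)           # replaced whole, never edited
        return True
    def power_off(self):
        self.ram_config = None                   # lost with the supply voltage
```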

While the invention is described in relation to an ADSL modem the invention is equally applicable to the configuration of a PC, a router of any type, a mobile phone or PDA or other similar equipment.

INDUSTRIAL APPLICABILITY

The invention is applicable to the guaranteeing of the configuration of a network device, to prevent the compromising of data passing through that device, or the extraction of data in an unintended manner by that device.

Thus it can be seen that at least the preferred form of the invention provides an item of equipment which can be remotely configured for network device set up purposes.

CLAIMS

1. A network device having operating software but no configuration data allowing it to carry out its intended purpose, which network device is remotely programmable with configuration data as a whole but which network device or operating software has no facility to allow any incremental change of configuration data.
2. A network device as claimed in claim 1 wherein the device configuration data is held in random access memory (RAM) and is lost when no network device supply voltage is present.
3. A network device as claimed in claim 1 wherein the device software contains a routine which on initialisation attempts to contact a remote verification authority to authorise retrieval of configuration data from a configuration authority.
4. A network device as claimed in claim 3 wherein the device software contains only the routine for contacting the remote verification authority and receiving data from the remote configuration authority.
5. A network device as claimed in claim 3 wherein the contact with the remote verification authority is subject to encryption.
6. A network device as claimed in claim 2 wherein the device initially contains an input filter which will only receive configuration data from a specified remote configuration authority address.
7. A network device as claimed in claim 1 wherein the device is a router which is integral with a modem.
8. A router as claimed in claim 7 wherein the modem is an asymmetric digital subscriber line (ADSL) modem.
9. A method of configuring a network device which loses its configuration data on power loss comprising providing a network device without user configuration data, providing within the network device a routine which securely contacts a remote verification authority, and downloading from a remote configuration authority authorised by the remote verification authority the entire configuration data.
10. A method as claimed in claim 9 wherein the network device is a router.
11. A method as claimed in claim 10 wherein the router is part of an ADSL modem.
12. A method as claimed in claim 9 wherein the network device is capable of being configured only by remote download of the complete configuration data.
13. A method as claimed in claim 9 wherein the network device routine which contacts the remote verification authority carries out any information transfer using secure encryption.
14. A method as claimed in claim 11 wherein the secure encryption uses a public key encryption method.
15. A method as claimed in claim 14 wherein the private key for the network device is provided by a device temporarily connected to the network device.
16. A method as claimed in claim 15 wherein the temporarily connected device is a USB memory device.
17. A method as claimed in claim 9 wherein the configuration data is also lost from the network device on any intrusion attempt.
18. A method of providing communication between two network devices of unknown network address wherein each device is required to download its configuration parameters from a server at a known network address each time the device is initialised, the devices' allocated network addresses are stored at the server, the server being queriable for the allocated network addresses of the two network devices, and wherein communications can be initiated between the two network addresses from this data.
19. A method as claimed in claim 18 wherein the two network devices are routers.
20. A method as claimed in claim 19 wherein the routers form part of ADSL modems.